ACE https redirection to subdirectory

abhik.dey · ‎12-11-2013

Hello Experts,

I have a request as below.

Traffic hits ACE on VIP which is a https traffic with SSL offloading and then traffic should be redirected to subdirectory which is mentioned below. I can redirect the traffic and make a try but it's not working with SSL rewrite and with action list. Can https traffic be redirected to subdirectory? My SSL offloading is working well but when i type the URL it give me HTTP respnose code as 403 forbidden, it looks that a proper action list is needed to redirect to subdirectory. Please suggest.

eg: https://abc-tx.mn.abc.net to

https://abc-tx.mn.abc.net/path

Kanwaljeet Singh · ‎12-11-2013

Hi Abhik,

You want ACE to redirect the traffic coming in on VIP or you want that ACE shall rewrite the server response and rewrite the redirect responses which might be in HTTP?

The HTTPS to HTTPS redirection is exactly like HTTP plus SSL offloading that you need to configure and it should work fine. Can you share your configuration and explain what exactly is the requirment. You are saying you can redirect the traffic but it is not working with SSL rewrite and with action list. I am not sure what exactly is the configuration and what is expected.

Regards,

Kanwal

abhik.dey · ‎12-11-2013

Hi Kanwal,

I have erased the ssl rewrite as was focussing on http header rewrite function with action list.

My requirement is that traffic would come to ACE as https://abc-tx.mn.abc.net and it should redirect traffic to https://abc-tx.mn.abc.net/int. On IIS they are not redirecting the traffic to /int subdirectory. So we need to make this happen on ACE.Can you please let me know from scratch how i can achieve it. FYI backend rservers are only listening on port 443 and not 80.

Thanks in advance kanwal.

regards

Abhik

Kanwaljeet Singh · ‎12-11-2013

Hi Abhik,

There is a problem. The problem is that you are redirecting from HTTPS to HTTPS and HOSTNAME is same. When the user will come again with /int it will still come on same VIP and will get redirected again. This will be a problem. If it was HTTP to HTTPS redirection then scenario would have been different and it would have matched a different class-map condition. Is it a possibility to redirect from http to https or it has to be https to https. We can create class-map based on http url and try.

Regards,

Kanwal

abhik.dey · ‎12-11-2013

Hi Kanwal,

I am aware of http to https redirection to subdirectory and i am sure it will work. But for this specific requirement i am not able to achieve it. We need to achieve only with https to https redirection to subdirectory /int. .

And yes i agree with you that we can create a class map with http type . Do you have any idea how to bind the actual VIP and the class with http url and call it on multi-match. if you can help me with example config with the request it would be great.

thanks again!!

Kanwaljeet Singh · ‎12-11-2013

Hi Abhik,

Some thing like this:

class-map match-all LB
2 match virtual-address 10.10.10.10 tcp eq https

class-map type http loadbalance match-all URL

2 match http url abc.com

class-map type http loadbalance match-all URL1

2 match http url abc.com/test

policy-map type loadbalance first-match LB

class URL

serverfarm Redirect

class URL1

serverfarm Webfarm

policy-map multi-match LB1

class LB

loadbalance vip inservice

loadbalance policy LB

NOTE: This is just an example. When you try this in your set up please ensure that you apply SSL-PROXY configuration for HTTPS redirection and normal LB. If your servers also listen on 443 you will also need end to end ssl.

Regards,

Kanwal